Privacy Policy

Effective Date: May 14, 2025

🛡️ Data Controller Information

This Privacy Policy describes how easyGDPR.app (the "Controller") processes your information when you use our GDPR compliance tools and services.

Data Controller: easyGDPR.app

Website: https://www.easygdpr.app

Contact Email: privacy@easygdpr.app

📊 Data Processing Overview

We are committed to privacy by design. While we minimize data collection, we do process some technical data to provide and improve our services.

| Data Category | Purpose | Legal Basis | Recipients | Retention |
| --- | --- | --- | --- | --- |
| IP Address | Service provision, abuse detection, geographic analytics | Legitimate Interest (Art. 6(1)(f)) | easyGDPR.app, trusted analytics partners | 30 days (anonymized afterwards) |
| Country (derived from IP) | Usage analytics, service optimization | Legitimate Interest (Art. 6(1)(f)) | easyGDPR.app | 12 months (aggregate only) |
| Browser Type & OS | Technical compatibility, service improvement | Legitimate Interest (Art. 6(1)(f)) | easyGDPR.app | 12 months (aggregate only) |

🎯 Purposes for Processing Personal Data

We process the limited technical data we collect for the following specific purposes as required by GDPR Article 13(1)(c):

Primary Purposes:

  • Service Provision: Operating our GDPR request generator, privacy check tools, and related compliance services
  • Technical Operations: Ensuring website functionality, compatibility across devices and browsers
  • Security & Abuse Prevention: Detecting and preventing malicious activities, spam, and system abuse
  • Service Improvement: Analyzing usage patterns to enhance user experience and develop new features
  • Geographic Insights: Understanding regional usage to provide relevant compliance information
  • Performance Optimization: Monitoring and improving website speed, reliability, and accessibility

No Profiling or Automated Decision-Making: We do not engage in automated decision-making, profiling, or behavioral tracking of individual users. All data processing is for operational and statistical purposes only.

👥 Recipients and Data Sharing

As required by GDPR Article 13(1)(e), we disclose the recipients or categories of recipients of your personal data:

Primary Recipient:

  • easyGDPR.app - As the data controller, we process all collected data internally for the purposes outlined above

Third-Party Categories (Limited Access to Aggregated Data Only):

  • Analytics Service Providers: Trusted partners who help us analyze website performance and usage statistics (data shared only in anonymized, aggregate form)
  • Technical Service Providers: Infrastructure providers necessary for website hosting and operation (minimal technical data access only)

Data Sharing Principles: We never sell, trade, or rent personal data to third parties. Any data shared with service providers is limited to anonymized, aggregated statistics or technical requirements for service operation, and is governed by strict data processing agreements.

No International Transfers: We do not transfer personal data outside the European Economic Area (EEA). All data processing occurs within the EEA under GDPR protection.

⚖️ Legal Basis for Processing

Our processing activities are based on the following legal grounds under GDPR Article 6:

Legitimate Interest (Article 6(1)(f)):

  • Our Interest: Providing reliable, secure, and optimized GDPR compliance services
  • Your Interest: Receiving a functional, secure, and continuously improving service
  • Balancing Test: Our processing is minimal, proportionate, and necessary for service provision without unduly impacting your privacy rights

Assessment: We have conducted a legitimate interest assessment confirming that our data processing is necessary, proportionate, and does not override your fundamental rights and freedoms.

📅 Data Retention

We retain personal data only as long as necessary for the purposes outlined above:

Retention Schedule:

  • IP Addresses: Automatically deleted after 30 days, then permanently anonymized
  • Geographic Data: Aggregated country-level data retained for 12 months maximum
  • Technical Data: Browser and OS statistics retained in aggregate form for 12 months
  • User-Generated Content: We do not store any user-generated content, form submissions, or personal documents

Automatic Deletion: All personal identifiers are automatically purged from our systems according to the schedule above. After retention periods expire, only anonymized statistical data remains.

🚫 What We Don't Collect

To protect your privacy, we deliberately avoid collecting:

  • Names, email addresses, or contact information
  • User accounts, registration data, or login credentials
  • Personal documents or form content you generate using our tools
  • Payment information or financial data
  • Behavioral profiles or tracking across other websites
  • Precise location data beyond country level
  • Sensitive personal data categories (health, political views, etc.)

🍪 Cookies

Our website does not use cookies for any purpose. For complete details, please refer to our separate Cookies Policy.

We believe in providing a completely cookie-free experience, ensuring that your browsing activity remains private and untracked.

🇪🇺 Your Rights Under GDPR

As a data subject under GDPR, you have the following rights regarding your personal data:

Your GDPR Rights:

  • Right of Access (Art. 15): Request confirmation of processing and copies of your personal data
  • Right to Rectification (Art. 16): Request correction of inaccurate personal data
  • Right to Erasure (Art. 17): Request deletion of your personal data under certain conditions
  • Right to Restriction (Art. 18): Request restriction of processing under certain circumstances
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format
  • Right to Object (Art. 21): Object to processing based on legitimate interests
  • Right to Withdraw Consent: Where processing is based on consent (not applicable to our current processing)
  • Right to Lodge a Complaint (Art. 77): File a complaint with your supervisory authority

Exercising Your Rights: To exercise any of these rights, contact us at privacy@easygdpr.app. We will respond within one month and verify your identity before processing requests.

Supervisory Authority: You can lodge a complaint with your local data protection authority. For most EU residents, this is your national DPA. You can find contact details at https://edpb.europa.eu/about-edpb/about-edpb/members_en.

🏛️ California Consumer Privacy Rights (CCPA)

California residents have specific rights under the California Consumer Privacy Act (CCPA):

Your California Rights:

  • Right to Know: Information about categories and specific pieces of personal information we collect
  • Right to Delete: Request deletion of personal information we have collected
  • Right to Opt-Out: Opt out of the sale of personal information (we don't sell data)
  • Right to Non-Discrimination: Equal service regardless of exercising privacy rights

CCPA Disclosure:

| Category | Collected | Sold | Business Purpose |
| --- | --- | --- | --- |
| Personal Identifiers | IP Address only | No | Service operation, security |
| Internet Activity | Browser/OS type | No | Technical compatibility |
| Geolocation | Country level only | No | Usage analytics |

🔒 Security Measures

We implement appropriate technical and organizational measures to protect your personal data:

Security Controls:

  • Encryption: All data transmission secured with industry-standard encryption
  • Access Controls: Strict limitation of access to personal data on a need-to-know basis
  • Data Minimization: Collection limited to minimum necessary data
  • Automatic Deletion: Automated systems ensure timely data purging
  • Regular Audits: Periodic review of data processing activities and security measures

🔗 Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites.

Important Notice: When you click external links or use our generated templates to contact other companies, you leave our privacy-protected environment. Always review the privacy policies of other websites and services before sharing personal information.

👶 Children's Privacy

Our services are not directed to children under 16 years of age. We do not knowingly collect personal data from children under 16.

If we become aware that we have collected personal data from a child under 16, we will take immediate steps to delete such information. Parents or guardians who believe we may have collected information from a child under 16 should contact us immediately.

🔄 Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be communicated as follows:

Notification Process:

  • Updated effective date prominently displayed
  • Summary of material changes provided at top of policy
  • Reasonable notice period before changes take effect
  • Continued commitment to privacy-by-design principles

📧 Contact Information

For any questions about this Privacy Policy or to exercise your rights, contact us:

Email: privacy@easygdpr.app
Website: https://www.easygdpr.app
Response Time: We respond to all privacy inquiries within 30 days

Data Protection Inquiries: We are committed to transparency and will provide detailed responses to all questions about our data processing practices, even though we collect minimal personal data.